00:00
The Financial Ways
The Financial Ways
USD/RUB
EUR/RUB
Cryptocurrency

OkoBot Malware Targets Crypto Wallets via Sophisticated ClickFix Ploy

Disguised as legitimate developer tools like Microsoft SQL Server Management Studio, the OkoBot malware has spent the past year harvesting recovery phrases across five countries. Kaspersky researchers identified the operation, which leverages a modular architecture and deceptive social engineering tactics to bypass standard user caution and compromise digital assets.

OkoBot Malware Targets Crypto Wallets via Sophisticated ClickFix Ploy

The campaign relies on ClickFix, a method that tricks users into executing malicious terminal commands by presenting fake error messages or repair instructions. Once a victim follows these prompts, the malware installs itself, granting attackers deep access to the system. Kaspersky notes that OkoBot avoids targeting users in Russia and other Commonwealth of Independent States countries, focusing its reach instead on Brazil, Vietnam, Canada, Mexico, and Turkey.

At the core of the operation are roughly 20 specialized modules. The SeedHunter component is particularly damaging, presenting users with convincing fake recovery screens for Ledger and Trezor hardware wallets to capture seed phrases directly. Other components, such as MC Keylogger and OkoSpyware, monitor keyboard input, clipboard activity, and screen contents to siphon passwords and account credentials. Because blockchain transactions cannot be reversed, victims have virtually no path to recovery once their funds are moved.

This trend of weaponizing developer environments mirrors recent activity by groups like the Lazarus Group, which utilized similar terminal-based tactics in their Mach-O Man campaign. By embedding malicious commands within what appear to be routine troubleshooting steps, attackers are increasingly bypassing traditional security software, necessitating heightened vigilance among developers and crypto users alike.

Share

Comments (0)

Leave a comment

No comments yet. Be the first!